Praise for Richard Deal’s CCNA Study Guide

As a CCIE and instructor, I can personally assure you that the importance of learning the fundamentals cannot be stressed enough. I have instructed certification candidates who were preparing for every level of Cisco certification, from CCNA up to CCIE. Those individuals who took the time to learn the essential technologies have always had a much greater chance of success, both in pursuing certifications and working “real life” in the field. This book is a wonderful tool to help you learn about Cisco networking.

In the years I have known Richard Deal, he has repeatedly impressed me with his technical knowledge and teaching ability. Every time we work together on a project, Richard takes complex subjects and presents them in a way that is understandable. He has a unique ability to enable people to understand complex technical content. Richard has found a way to impress me again by efficiently covering Cisco’s large list of exam topics for the new CCNA exams.

This book is much more than the bound paper you are holding in your hands. It contains the Boson NetSim Limited Edition and corresponding labs that are included for critical hands-on experience. The practice exam included on the CD by Richard uses the Boson Exam Engine with the latest in simulation technology. I would recommend taking advantage of the Boson NetSim upgrade and ExSim-Max practice exams prior to your exam date. This will give you maximum exposure to the new topics.

In summary, this book and its enclosed CD-ROM will be a great resource to those preparing for Cisco certification and to those who want to master essential technologies. It will remain accurate reference material about Cisco networking for years to come.

Bryan Baize
CCIE 16139

CCNA Cisco Certified Network Associate Study Guide (Exam 640-802)

Richard Deal

This study/training guide and/or material is not sponsored by, endorsed by, or affiliated with Cisco Systems, Inc. in any manner. Cisco®, Cisco Systems®, CCDA®, CCNA®, CCDP®, CCNP®, CCIE®, CCIP®, CCSP®, CCVP®, CCDE™, CCENT™, the Cisco Systems logo, and the Cisco Certified Internetwork Expert logo are trademarks or registered trademarks of Cisco Systems, Inc., in the United States and certain other countries. All other trademarks are trademarks of their respective owners. This publication and CD may be used in assisting students to prepare for an exam. Neither McGraw-Hill nor Boson Software warrant that use of this publication and CD will ensure passing any exam.

New York, Chicago, San Francisco, Lisbon, London, Madrid, Mexico City, Milan, New Delhi, San Juan, Seoul, Singapore, Sydney, Toronto

Copyright © 2008 by The McGraw-Hill Companies. All rights reserved. Manufactured in the United States of America. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher.

0-07-164373-7

The material in this eBook also appears in the print version of this title: 0-07-149728-5.

All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occurrence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps.

McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. For more information, please contact George Hoare, Special Sales, at george_hoare@mcgraw-hill.com or (212) 904-4069.

TERMS OF USE

This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms.

THE WORK IS PROVIDED “AS IS.” McGRAW-HILL AND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACY OR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANY INFORMATION THAT CAN BE ACCESSED THROUGH THE WORK VIA HYPERLINK OR OTHERWISE, AND EXPRESSLY DISCLAIM ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no circumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, consequential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatsoever whether such claim or cause arises in contract, tort or otherwise.

DOI: 10.1036/0071497285

ABOUT THE CONTRIBUTORS

About the Author

For more than 10 years, Richard Deal has operated his own company, The Deal Group, Inc., in Oviedo, Florida, east of Orlando. Richard has more than 20 years of experience in the computing and networking industry, including networking, training, systems administration, and programming. In addition to earning a B.S. in mathematics from Grove City College, he holds many certifications from Cisco and has taught many beginning and advanced Cisco classes. Richard is the author of Cisco PIX Firewalls, an in-depth book on Cisco’s PIX firewalls and their implementation, published by McGraw-Hill. Richard is also the author of two books with Cisco Press: The Complete Cisco VPN Configuration Guide and Cisco Router Firewall Security; the latter book made it to Cisco’s CCIE Security recommended reading list. Richard periodically holds bootcamp classes on the CCNA and CCSP, which provide hands-on configuration of Cisco routers, switches, and security devices. More information on his bootcamp classes can be found at http://home.cfl.rr.com/dealgroup/.

About the Technical Editors

Matthew Walker is the IA training instructor supervisor and a senior IA analyst at Dynetics, Inc., in Huntsville, Alabama. An IT education professional for more than 15 years, Matt served as the director of the Network Training Center and the curriculum lead and senior instructor for the local Cisco Networking Academy on Ramstein Air Base, Germany. After leaving the US Air Force, Matt served as a network engineer for NASA’s Secure Network Systems, designing and maintaining secured data, voice, and video networking for the agency. He has written and contributed to numerous technical training books for Air Education and Training Command, Keesler Air Force Base, Mississippi, and continues to train certification and college-level IT and IA security courses. Matt holds numerous commercial certifications, including Cisco Certified Network Professional (CCNP), Microsoft Certified System Engineer (MCSE), Certified Ethical Hacker (CEH), Certified Network Defense Architect (CNDA), and Certified Pen Test Specialist (CPTS).

Angie Walker is currently the manager of the Information Systems Security (ISS) Office for the Missile Defense Agency (MDA) South, as well as the lead for the MDA Alternate Computer Emergency Response Team (ACERT). Among her many positions throughout the course of her 20-plus years in information technology and information assurance are superintendent of the United States Air Forces in Europe (USAFE) Communications and Information Training Center; Superintendent of the 386 Communications Squadron on Ali Al Saleem Air Base, Kuwait; and Senior Information Security Analyst for Army Aviation Unmanned Aircraft Systems. She holds several industry certifications, including CISSP, Network +, and Security +, and a master’s degree in Information Systems Management. With more than nine years of IT and IA educational experience, she has developed and taught courseware worldwide for the US Air Force and several computer science courses as an instructor for the University of Alabama at Huntsville and Kaplan University in Fort Lauderdale, Florida.

CONTENTS

Foreword
Preface
Acknowledgments
Introduction

Part I Introduction to Networking

Networks
  Introduction to Networks
  Network Characteristics
  Components
  Network Locations
  Local Area Networks
  Wide Area Networks
  Network Topologies
  Physical and Logical Topologies
  Fully and Partially Meshed Topologies
  Introduction to Network Security
  Classes of Attacks
  Common Threats and Mitigation
  ✓ Two-Minute Drill
  Q&A Self Test
  Self Test Answers

OSI Reference Model
  Introduction to the OSI Reference Model
  Layers of the OSI Reference Model
  Layer 7: The Application Layer
  Layer 6: The Presentation Layer
  Layer 5: The Session Layer
  Layer 4: The Transport Layer
  Layer 3: The Network Layer
  Layer 2: The Data Link Layer
Layer 1: The Physical Layer Devices Encapsulation and De-encapsulation Going Down the Protocol Stack Going Up the Protocol Stack Layers and Communication ✓ Two-Minute Drill Q&A Self Test Self Test Answers 46 51 52 53 55 56 57 62 64 67 Layer LAN Technologies 69 Ethernet Evolution and Standards Ethernet Operation Ethernet Implementations Framing Addressing Bit Values Power of Hexadecimal Conversion MAC Addresses Ethernet Connections Cabling Types Ethernet Media Types ✓ Two-Minute Drill Q&A Self Test Self Test Answers 70 71 72 73 78 78 79 80 81 82 82 89 94 95 97 Bridges and Switches 99 Problems and Limitations of Ethernet Distance and Extension of LANs Collisions, Collision Domains, and Congestion Solutions to Collision Problems Bridges Switches Bridges versus Switches Methods of Switching Duplexing Switching Functions Learning Function Forwarding Function 100 100 101 102 102 105 105 107 109 111 112 114 Contents Loops ✓ Two-Minute Drill Q&A Self Test Self Test Answers Wireless ix 121 124 125 127 129 Wireless LAN Technologies Narrowband, Broadband, and Packet Data Solutions CSMA/CA Radio Frequency Transmission Factors WLAN Standards RF Bands 802.11 Standards WLAN Security WLAN Client Access to the Network Security Solutions WLAN Implementation Access Modes Coverage Areas Data Rates WLAN Devices Access Points Clients Troubleshooting ✓ Two-Minute Drill Q&A Self Test Self Test Answers 130 130 131 132 133 133 134 136 136 137 141 142 143 144 145 145 146 146 150 152 155 Part II TCP/IP Protocol Suite TCP/IP and the Internet Layer 159 TCP/IP Protocol Stack Internet Layer Introduction to TCP/IP Addressing TCP/IP Internet Protocols DHCP ARP ICMP 160 160 163 168 168 170 176 Index remote access, overview of, 568 router configuration files, creating/deleting, 557 router configuration files, exercise manipulating, 560–561 router configuration files, nomenclature for, 558–559 router configuration files, restoring, 556–557 router configuration files, saving, 554–555 router 
configuration files, summary table, 559 self test, 594–597 SSH configuration, 570–571 summary, 591 telnet for connectivity testing at application layer, 584–587 traceroute for connectivity testing, 582–584 troubleshooting, 571–572 two-minute drill, 592–593 devices adding, 562 changing, 562 data link layer, 45–46 network layer, 41, 478 OSI layers corresponding to, 52 physical layer, 52 DH (Diffie-Hellman) protocol, 881–882, 884 DHCP (Dynamic Host Configuration Protocol) client/server models, 168 four-step process of address acquisition, 286–287 overview of, 168–170, 284 steps in acquiring DHCP address, 169–170 DHCP servers CLI for configuring, 616–619 CLI for verifying configuration, 619–620 SDM for configuring, 615–616 SDM for verifying configuration, 619–620 DHCPv6 overview of, 829–830 stateless autoconfiguration, 830 dial-on-demand routing (DDR), 740 Diffie-Hellman (DH) protocol, 881–882, 884 Diffusing Update Algorithm (DUAL) EIGRP using for updates, 711–712 K-values, 713 digital signatures, HMAC, 882 Digital Subscriber Line (DSL), 8–9, 850 Dijkstra, Edsger W., 486 dir command, 564 Direct Sequence Spread Spectrum (DSSS), 135 directed broadcast addresses determining in IP addressing, 208, 217–218 overview of, 196–197 disable command, returning to User EXEC mode from Privilege EXEC mode, 311 disabled state, STP ports, 446 discontiguous subnets, 241 distance vector protocols advertising updates, 484 convergence problems, 490–495 convergence solutions, 496 default routes and, 635 EIGRP See EIGRP (Enhanced Interior Gateway Routing Protocol) overview of, 484 processing updates, 485 routing loop problems, 496–498 routing loop solutions, 498–502 distributed attacks, 14 DIX implementation, Ethernet, 70 DNS (Domain Name System) name resolution in end-toend delivery, 287–289 overview of, 284 resolving IP addresses, 167 router configuration and, 537–538 unreliable connections and, 35 domains broadcast domains, 48, 81 collision domains, 72, 101–102 default gateways forwarding 
traffic across, 283–284 VTP, 404 DoS attacks, 18 dotted decimal notation in IP addressing, 43 network and host numbers and, 194 for subnet masks, 199 dotted hexadecimal notation, MAC addresses in, 48 down state, OSPF routing, 676 DRs (designated routers), OSPF, 676–678 DSL (Digital Subscriber Line), 8–9, 850 DSSS (Direct Sequence Spread Spectrum), 135 DTE (data termination equipment) circuit-switched networks and, 853 DTE to DCE connections, 84 Frame Relay and, 854 leased lines and, 851 terminating WAN connections, 51–52 WAN cabling and, 856 WAN equipment and components, 848 DTP (Dynamic Trunk Protocol) configuring trunks, 415–416 managing VLANs with, 412 DUAL (Diffusing Update Algorithm) EIGRP using for updates, 711–712 K-values, 713 dual stacking option, integrating IPv4 and IPv6, 832–833 duplexing sending/receiving frames, 109–111 speed and duplexing for Ethernet interfaces, 329 DWDM (dense WDM), 87 Dynamic Host Configuration Protocol See DHCP (Dynamic Host Configuration Protocol) dynamic NAT configuring, 798–799 exercise configuring, 808–810 overview of, 789–790 dynamic routes, 479–480 dynamic routing protocols distance vector protocols, 484–485 hybrid protocols, 489 inside the exam, 662 link state protocols, 486–488 network command, 644–645 overview of, 482–483, 642–643 RIP See RIP (Routing Information Protocol) router command, 643 routing metrics and, 483–484 self test, 665, 667 static routes compared with, 632 summary, 663 two-minute drill, 664 Dynamic Trunk Protocol (DTP) configuring trunks, 415–416 managing VLANs with, 412 971 dynamic VLANs, 394–395 dynamically assigned ports, 267 E e-mail, application layer programs, 31 EAP (Extensible Authentication Protocol) comparing WLAN security solutions, 137 extensions, 139 overview of, 139–140 EAP-FAST, 139 EAP-GTC, 139 EAP-MD5, 139 Easy VPN, 878 EBCDIC (Extended Binary-Coded Decimal Interchange Code), 32 ECSA (Exchange Carriers Standards Association), 88 EDFA (erbium-doped fiber amplifier), 88 editing control 
sequences, for IOS devices, 317–318 EGP (Exterior Gateway Protocol), 480 EIGRP (Enhanced Interior Gateway Routing Protocol), 709–734 AS (autonomous systems) and, 480–481 administrative distance and, 482 bandwidth assigned to router interfaces, 534 classless protocols, 635 configuring, 716 debug eigrp packets command, 730 debug ip eigrp command, 729–730 example configuring, 716–717 as hybrid routing protocol, 489 inside the exam, 731 load balancing and, 718–720 metrics and interoperability, 711 neighbor authentication, 721–722 neighbor relationships, 713–714 overview of, 710–711 route selection, 714–716 route summarization, 238–239, 720–721 routing metrics, 483–484 routing tables and updates, 711–712 self test, 734–736 972 CCNA Cisco Certified Network Associate Study Guide EIGRP (Cont.) show ip eigrp interfaces command, 728–729 show ip eigrp neighbors command, 725–726 show ip eigrp topology command, 727–728 show ip eigrp traffic command, 729 show ip protocols command, 723–724 show ip route command, 724–725 summary, 731–732 terminology, 714 troubleshooting, 723 two-minute drill, 733 VLSM support, 228–229 electrical issues, IOS security, 331 electromagnetic interference (EMI) comparing copper and fiber cabling, 101 fiber-optic cabling and, 86 EMI (electromagnetic interference) comparing copper and fiber cabling, 101 fiber-optic cabling and, 86 enable command, for accessing Privilege EXEC mode, 311 encapsulation command, 542 encapsulation/de-encapsulation Frame Relay configuration, 915–916 IPv6 and, 822 layers and communication, 57–59 overview of, 52–54 PPP, 861 processing information down protocol stack, 55–56 processing information up protocol stack, 56–57 WANs (wide area networks), 856–857 encapsulation ppp command, 865, 867 Encapsulation Security Protocol (ESP), 884 encryption IOS passwords, 334–335 key-based encryption in IPSec, 881–882 WEP and, 138–139 WLAN security and, 137 WPA and, 140–141 end-to-end delivery inside the exam, 293 PC-A acquiring addressing 
information, 286–287 PC-A resolving PC-B’s name, 287–289 PC-A sending TCP SYN to PC-B, 290–291 PC-B sending TCP SYN/ ACK to PC-A, 292 segments, 285 self test, 295, 297 summary, 293 two-minute drill, 294 Enhanced Interior Gateway Routing Protocol See EIGRP (Enhanced Interior Gateway Routing Protocol) environmental threats IOS security, 331–332 network threats, 16 equal-cost load balancing, in RIPv1, 647 equipment, WANs, 848–849 erase startup-config command, 310 erbium-doped fiber amplifier (EDFA), 88 error messages, IOS, 314–315 error reporting, session layer and, 33 ESA (Extended Service Area), WLAN coverage, 143–144 ESP (Encapsulation Security Protocol), 884 ESS (Extended Service Set), 142–143 established keyword, for TCP connections, 762 EtherChannels configuring, 464 inside the exam, 466 modes, 464 operations, 463–464 overview of, 462 restrictions, 462–463 self test, 470–473 summary, 467 two-minute drill, 468–469 Ethernet addressing, 78 bit values, in conversion of MAC addresses, 78–79 cable options, 82–84 connections, 82 CSMA/CD, 71–72 disadvantages of use for LAN networks, 100–101 evolution and standards, 70–71 fiber-optic cabling, 86–89 framing, 73–74 GBICs, 91–92 hexadecimal conversion, 80–81 IEEE 802.2, 75–77 IEEE 802.3, 74–75 implementation variants, 72–73 inside the exam, 92 LAN media, as layer standard, 282 MAC addresses and, 81 media types, 89 NICs, 396 physical and logical topologies and, 11–12 physical layer properties of, 89–91 process of cabling devices, 84–86 self test, 95–98 speed and duplexing for Ethernet interfaces, 329 summary, 93 translational bridging and, 45–46 trunking methods, 396–397 two-minute drill, 94 Ethernet II comparing Ethernet implementations, 73 frames, 73–74 overview of, 77–78 ETSI (European Telecommunication Standards Institute), 133 EUI-64 (extended unique identifier 64), 828–829 Exchange Carriers Standards Association (ECSA), 88 exchange process, OSPF routing, 676 exchange protocol, for sharing routing information, 678–680 
exchange state, in exchange protocol, 678 exit command, IOS device, 312 exstart state in exchange protocol, 678 OSPF routing, 678 Extended Binary-Coded Decimal Interchange Code (EBCDIC), 32 extended numbered ACLs command syntax for, 760 comparing with standard, 742 example of extended IP ACL, 764–765 for ICMP, 763 overview of, 759 placement of, 774 for TCP or UDP, 761–763 types of ACLs, 741 Extended Service Area (ESA), WLAN coverage, 143–144 Extended Service Set (ESS), 142–143 extended unique identifier 64 (EUI-64), 828–829 Extensible Authentication Protocol See EAP (Extensible Authentication Protocol) Exterior Gateway Protocol (EGP), 480 F Fast Ethernet, 358 FCC (Federal Communications Commission), 133 FCS (field checksum sequence) bridges checking validity of, 102 CRC and, 108 Ethernet frames and, 75 FDDI, 11–12 feasible successors, EIGRP routing, 715 Federal Communications Commission (FCC), 133 fiber-optic cabling 2960 switches and, 358 connections, 89 distance of transmission, 87–88 singlemode and multimode, 86–87 transmission standards, 88 UTP and coaxial compared with, 89 WDM and, 87 field checksum sequence See FCS (field checksum sequence) files IOS image files See image files, IOS locations, 558 SDM, 602 firewalls address translation and, 786 configuring for SDM, 609 mitigation of DoS attacks, 18 flapping, WAN links, 488 flash router configuration, 514 saving configuration files to, 555 flooding, 436 flow control, transport layer, 260–261 overview of, 37 ready/not ready signals, 37–38 TCP and, 273–274 windowing, 38–41, 273–274 forwarding function of bridges/switches, 103–104 broadcast and multicast frames and, 115–116 defined, 111 example of switch forwarding, 116–121 frame types and, 114–116 overview of, 114–116 switch example, 116–121 forwarding state, STP ports, 446 fragment-free switching, 108–109 Index frame format, PPP, 861–862 Frame Relay, 896–952 configuring, 915 configuring with subinterfaces, 937 congestion control, 914–915 DCCIs and, 907–911 
encapsulation configuration, 915–916 example using multipoint subinterfaces, 938–939 example using point-topoint subinterfaces, 939–941 exercise configuring, 927–929 exercise configuring with subinterfaces, 941–943 inside the exam, 943–944 LMI, 905–907, 917–920 overview of, 896 packet-switched connections and, 854–855 PVC See PVC self test, 948–951 summary, 944–945 terminology, 903–904 two-minute drill, 946–947 VC data rates, 911–913 virtual circuits See VCs (virtual circuits) frame types, HDLC, 858 frames duplexing and, 109–111 encapsulation/deencapsulation process and, 56 forwarding function and, 114–116 IEEE 802.2, 75 IEEE 802.3, 73–74 multiple frame copies and broadcast storms, 436–437 PDU terminology for data link layer, 53 runt frames, 109 FTP (File Transfer Protocol), 5, 31 full-duplex connections, 110–111 full state, in exchange protocol, 679 fully-meshed design, 12, 896–898 G gateway of last resort, static routes, 479 GBICs (gigabit interface converters), 91–92 generator, backup for protection against power interruption, 15 Gigabit Ethernet, 91, 358 gigabit interface converters (GBICs), 91–92 global addresses, IPv6, 827–828 Global Configuration mode ACLs created in, 740 address translation type definition, 795 overview of, 323–324 service password-encryption command, 334 global-to-local address translation, 804 graphical user interface See GUI (graphical user interface) graphics, at presentation layer, 32 GUI (graphical user interface) for configuring access points, 145 SDM See SDM (Security Device Manager) Web browsers using, 31 High-Speed Serial Interfaces (HSSI), 860 HMAC (hashed message authentication code), 882–883 hold down timer, routing loop solutions, 499–502 home page, SDM, 607–608 hop count, as metric in RIP, 646 host addresses determining, 209, 217–218 network numbers and, 196 overview of, 164, 197 planning, 204–205 subcomponents of host component, 196–197 host numbers, 194 hostname command, 322, 574 hot-swappable, 92 HSSI (High-Speed Serial 
Interfaces), 860 HTTP (Hypertext Transfer Protocol), 5–6, 31 hubs collision problems and, 102 dealing with limitations in signal strength and noise, 100–101 physical layer, 52, 282 hybrid routing protocols EIGRP See EIGRP (Enhanced Interior Gateway Routing Protocol) overview of, 489 RIPv2, 648 Hypertext Transfer Protocol (HTTP), 5–6, 31 Hz (hertz), RF bands and, 134 973 IEEE 802.3, 73–74, 74–75 comparing Ethernet implementations, 73 IEEE 802.3z, 91 IEEE (Institute of Electrical and Electronic Engineers) Ethernet standards, 70–71 WLAN standards, 133 IETF (Internet Engineering Task Force), 785 IFS (IOS File System), 558 IGP (Interior Gateway Protocol), 480 IGRP (Interior Gateway Routing Protocol) classful protocols, 635 EIGRP based on, 710 interoperability with EIGRP, 711 IKE (Internet Key Exchange Protocol), 884 image files, IOS backing up, 566 loading, 566–568 managing, 311 naming conventions, half-duplex connections, 109–110 564–565 handshake process, 35 overview, 563–564 hardware interfaces, for IOS upgrading, 565 devices, 305 IMAP4 (Internet Message Access hardware, IOS security and, 331 Protocol version 4), hardware, router configuration implicit deny, ACLs, 744 NVRAM, 514 in-band connections, IOS, 303 overview of, 512 inactivity timeout, IOS devices, RAM, 513 324–325 ROM, 512–513 inbound ACLs, 741 hashed message authentication incremental updates, EIGRP code See HMAC (hashed support for, 712 message authentication code) Independent Basic Service Set HDLC (High-Level Data Link (IBSS), 142 Control) index of refraction (IOR), 87 configuring, 859–860 Industrial, Scientific, and Medical encapsulation methods, (ISM), RF bands, 134 856–857 infrastructure mode, WLAN access I/O (input/output) addresses, 82 frame types, 858 and, 142 IANA (Internet Assigned inside the exam, 885 Numbers Authority), 166–167, init state, OSPF routing, 676 overview of, 858 inside parameter, ip nat command, 481, 784 self test, 890, 892 796–797 IBSS (Independent Basic Service summary, 886–887 
insider attacks, 14 Set), 142 two-minute drill, 888 Institute of Electrical and ICMP flooding, 18 hello packets, EIGRP, 712, 713 Electronic Engineers See IEEE ICMP (Internet Control Message help command, 313–314 (Institute of Electrical and Protocol) hertz (Hz), RF bands and, 134 Electronic Engineers) echo messages and ping, 179 hexadecimal notation Integrated Services Digital filtering with extended bit values in hexadecimal Network See ISDN (Integrated numbered ACLs, 763 addressing, 78–79 Services Digital Network) overview of, 176 converting, 80–81 integrity ICSA (International Computer IPv6 addresses, 823 HMAC, 882–883 Security Association), 611 MAC addresses, 48 IPSec services, 880 IDs (identity), OSPF requiring for subnet masks, 199 interface command, 327 unique IDs, 674–675 hierarchical addressing, route interface connectors, physical IDS/IPS tools, 17, 19 summarization, 238–239 layer, 52 IEEE 802.2 hierarchical design, 434–436, interface encapsulation, router-oncomparing Ethernet 671–673 a-stick, 541–542 implementations, 73 High-Level Data Link Control See interface loopback command, frames, 75 HDLC (High-Level Data Link 683–684 overview of, 75–77 Control) H I 974 CCNA Cisco Certified Network Associate Study Guide interfaces See also NICs (Network Interface Cards) configuring, 327–330 connections for switches and routers, 303 hardware interfaces, 305 nomenclature for switches and routers, 305–306 router configuration, 521 routers, 514 SDM for configuring, 609, 613–614 troubleshooting, 343–345 viewing information, 342–343 Interior Gateway Protocol (IGP), 480 Interior Gateway Routing Protocol See IGRP (Interior Gateway Routing Protocol) Intermediate System-Intermediate System See IS-IS (Intermediate System-Intermediate System) International Computer Security Association (ICSA), 611 International Organization for Standardization (ISO), 28 International Telecommunication Union-Radio Communication Sector (ITU-R), 133 Internet Assigned Numbers Authority (IANA), 
166–167, 481, 784 Internet Control Message Protocol See ICMP (Internet Control Message Protocol) Internet Engineering Task Force (IETF), 785 Internet Key Exchange Protocol (IKE), 884 Internet layer, TCP/IP ARP (Address Resolution Protocol), 170–171 arp command, 182–183 DHCP, 168–170 DNS, 167 ICMP, 176 inside the exam, 183 Internet protocols, 168 ipconfig command, 177–179 overview of, 160–161, 160–163 ping command, 179–181 public and private addresses, 166–167 RARP, 176 self test, 188–191 single segment ARP example, 171–172 summary, 184–185 tracert command, 181–182 two-minute drill, 186–187 two-segment ARP example, 172–175 utilities for Windows PCs, 177 physical and environmental Internet Message Access Protocol threats, 331–332 version (IMAP4), router and switch Internet Security Association and connections, 303 Key Management Protocol router interface (ISAKMP), 883 nomenclature, 306 Internetwork Packet Exchange routers, 31 (IPX), 28, 43 running configuration and interrupt request line (IRQ), 82 startup configuration, InterSwitch Link (ISL), 396–397, 338–340 401 self test, 353–355 intrusion detection, mitigation of show and debug DoS attacks, 18 commands, 337 intrusion prevention system (IPS), show history command, 317 137, 609 subconfiguration modes, inverse ARP, 924 323–324 IOR (index of refraction), fibersummary, 349–350 optic cabling, 87 switch interface IOS File System (IFS), 558 nomenclature, 305 IOS (Internetwork Operating two-minute drill, 351–352 System) version information, CLI access modes, 310–312 341–342 CLI (command-line ip access-group command, 749–750 interface), 308–310, ip address command, 368, 684 326–327 command abbreviation and IP addresses, 820–821 acquiring in end-to-end completion, 312–313 delivery, 286–287 command entry, 315–317 address translation See commands for router address translation configuration See Class A subnet masks, commands (IOS), for 200–201 router configuration Class B subnet masks, 201 configuration, 321–322 Class C 
subnet masks, console connection, 201–202 303–305 classes, 164–166, 195 context-sensitive help, components of, 196 313–314 determining IP address device configuration, components, 211–217 302–303 determining type of address, device identification, 217–218 322–323 directed broadcast device management See addresses, 208 device management, IOS DNS for address device startup, 307–308 resolution, 167 editing control sequences, host addresses, 197, 209 for devices, 317–318 inside the exam, 218–219 error messages, 314–315 network addresses, example of features, planning, 206–207 319–321 network and directed exercise using CLI for router broadcast addresses, configuration, 346–348 196–197 hardware interfaces, 305 network and host image files See image files, boundaries, 195 IOS network and host inactivity timeouts, requirements, 204–205 324–325 inside the exam, 348–349 overview of, 163, 194 interface configuration, planning, 203, 210 327–330 public and private addresses, interface information, 166–167 342–343 reserved addresses, 820 interface, troubleshooting, route summarization See 343–345 route summarization line command for router configuration and, configuring, 324 532–534 login banners, 335 self test, 222–225 passwords, 332–335 subnet masks, 197–200, 206 summary, 219 switch configuration and, 367–368 two-minute drill, 220–221 types of, 163–164 VLSM See VLSM (Variable Length Subnet Masks) ip classless command, 636 ip default-gateway command, 368 ip host command, 538 ip http authentication command, 604 ip http secure-server command, 604 ip http server command, 604 ip http timeout command, 604 IP (Internet Protocol) ACLs for See ACLs (access control lists), for IP datagrams, 162–163 functions of, 161–162 ip name-server command, 537, 835 ip nat command, 796–797 ip nat inside source list command, 798–799 ip nat inside source static command, 797 ip rip send command, 650 ip subnet-zero command, 536 ipconfig command checking IP address assignment, 289 examples using, 178–179 
options, 177 troubleshooting RIP, 660 troubleshooting static routes, 640–642 IPS (intrusion prevention system), 137, 609 IPSec (IP Security) authentication methods, 883 components, 881 HMAC integrity functions, 882–883 IPv6 and, 822 key-based encryption, 881–882 overview of, 880–884 protocols, 883–884 services, 880 VPN technologies, 876 IPv4 See also IP addresses IPv6 compared with, 820 running out of addresses, 784 IPv6, 819–844 address format, 823 address shortages and, 784, 820–821 anycast addresses, 824–825 DHCPv6 and, 829–830 dual stacking option, 832–833 enabling and assigning addresses, 834–835 Index features, 821 global addresses, 827–828 implementation strategies, 831–832 inside the exam, 837 manual tunneling, 833–834 multicast addresses, 825 private addresses, 826–827 reasons for using, 821 RIPng, 831, 835–836 routing and, 830 routing protocols supported by, 831 self test, 841–844 static address assignment, 829 summary, 838 two-minute drill, 839–840 types of, 824 unicast addresses, 826 ipv6 address command, 834 ipv6 host command, 835 ipv6 router rip tag command, 835–836 ipv6 unicast-routing command, 834 IPX (Internetwork Packet Exchange), 28, 43 IRQ (interrupt request line), 82 IS-IS (Intermediate SystemIntermediate System) AS (autonomous systems) and, 480–481 classless protocols, 635 as link state protocol, 486 route summarization support, 238–239 VLSM support, 228–229 ISAKMP (Internet Security Association and Key Management Protocol), 883 ISDN (Integrated Services Digital Network) BRI and PRI, 852 PPP working with ISDN serial interfaces, 860 WAN connection types, 850 ISL (InterSwitch Link), 396–397, 401 ISM (Industrial, Scientific, and Medical), RF bands, 134 ISO (International Organization for Standardization), 28 ITU-R (International Telecommunication UnionRadio Communication Sector), 133 J jam signals, collision detection and, 72 Java Runtime Environment (JRE), SDM requirements, 601 Java, SDM requirements, 601 JRE (Java Runtime Environment), SDM 
requirements, 601 Link Aggregation Protocol (LACP), 463 link-local private addresses, 826–827 link state advertisements (LSA), 486, 675, 679 link state protocols K-values, DUAL algorithm, 713 advantages of, 487–488 key-based encryption, IPSec, advertising routing updates, 881–882 486–487 key chain command, EIGRP convergence, 490 authentication, 721 disadvantages of, 488 key-string command, EIGRP OSPF See OSPF (Open authentication, 721 Shortest Path First) overview of, 486 routers, 486–488 links, OSPF routing, 679 listening state, STP ports, 446 L2TP (Layer LLC (Logical Link Control), 73 TunnelingProtocol), 876 LMI LACP (Link Aggregation configuring, 917 Protocol), 463 overview of, 905–907 LAN-to-LAN VPNs, 877 troubleshooting, LANs (local area networks) See 917–920 also WLANs (wireless LANs) load balancing components in, 70 EIGRP routing, 718–720 distance and extension of, equal-cost load balancing in 100–101 RIPv1, 647 Ethernet See Ethernet OSPF routing, 673 overview of, load, EIGRP metrics, 714 scale of, 70 loading state, in exchange protocol, WANs, 7–8 678–679 wireless See WLANs local ARP table, 572–573 (wireless LANs) local broadcast address, MAC Layer TunnelingProtocol addresses, 81 (L2TP), 876 local-to-global address translation, layers, OSI See also by individual 803–804 layers logging synchronous communication and, 57–59 command, 327 devices and corresponding Logical Link Control layers, 52 (LLC), 73 overview of, 29–30 logical network topologies, 10 layers, TCP/IP, 160–161 logical segments, 48, 81, 102 LCP, PPP components, 862–863 login banners, IOS security LEAP (Lighweight EAP), 139 and, 335 learning function login local command, 571 bridges/switches, 103, logout command, 312 112–113 LOH (line overhead), fiber-optic CAM and, 112–113 cabling, 88 defined, 111 loopback interfaces, OSPF routing, mislearning MAC addresses, 683–684 436–437 loops See also STP (Spanning Tree switch configuration and, Protocol) 372–373 of bridges/switches, learning state, STP 
ports, 446 104–105 leased-line connections, WANs, defined, 111 850–852 identifying in STP, 465 LEDs (light-emitting diodes), 82, mislearning MAC addresses 360–361 and, 438 Lightweight EAP (LEAP), 139 overview of, 121–122 line command, 324 L0phtCrack, password-cracking line overhead (LOH), fiber-optic program, 17 cabling, 88 loss factor, fiber-optic cabling, 88 lines LSA (link state advertisements), management access and, 514 486, 675, 679 router and switch connections, 303 K L M MAC address spoofing, 138 MAC address table, 372 MAC (Media Access Control) addresses bit values, in conversion of, 78–79 broadcast addresses, 50–51 data link layer and, 48–49, 283 Ethernet and, 78 filtering, 138 Layer addressing compared with, 42–43 learning function and, 112–113 mislearning, 436–437 multicast addresses, 50 overview of, 81 port address tables, 103 port security and, 375 switch configuration and, 372–373 unicast addresses, 49–50 macrobending, fiber-optic cabling, 88 maintenance threats, 16, 332 management VLAN, 412 MANs (metropolitan area networks), 848 manual tunneling, 833–834 maximum hop count, for routing loop problems, 498 maximum transmission unit (MTU), 484, 711, 714 MD5 (Message Digest 5) CHAP and, 868 EIGRP authentication, 721 IPSec support for HMAC functions, 882 OSPF authentication, 686–687 media for building networks, CDP supported, 573 for LANs, Media Access Control See MAC (Media Access Control) addresses media types, Ethernet, 89 megahertz (MHz), RF bands and, 134 membership, VLANs, 394–395 meshed topologies, full and partial meshes, 12 Message Digest See MD5 (Message Digest 5) message of the day (motd), 335–336 messages, VTP, 406–408 Metasploit, hacking tool, 14 metrics EIGRP, 711 OSPF, 673–674, 685–686
RIP, 646 routing metrics, 483–484 metropolitan area networks (MANs), 848 MHz (megahertz), RF bands and, 134 microbending, fiber-optic cabling, 88 microsegmentation, 106 Mini-IOS, 513 mitigation physical installation threats, 16 reconnaissance attacks, 16–17 threats, 15 MMF (multimode fiber), 86–87 MODE button, 2960 switches, 360–361 modems dial-up services, 852 WAN equipment and components, 848–849 modes, VTP, 405–406 motd (message of the day), 335–336 motivation, of network attackers, 14 MTU (maximum transmission unit), 484, 711, 714 multicasts BPDUs as multicast frames, 439 EIGRP support for multicast updates, 712 IPv6 addresses, 825 MAC addresses, 50, 115–116 multiple frame copies and broadcast storms, 436 RIPv2, 648 VLANs and, 393 multimode fiber (MMF), 86–87 multiplexing application mapping and, 268–269 connection, 36 TCP/IP and, 262 multipoint subinterfaces, 938–939 N NAC (network access control), 609 named ACLs, 765–767 creating, 766 example of, 767 overview of, 765 types of ACLs, 741 NAPT (network address port translation), 790 See also PAT (Port Address Translation) narrowband, WLANs, 130–131 NAT (Network Address Translation) configuring, 795 dynamic NAT, 789–790, 798–799, 808–810 overview of, 787 RFC 1631, 786 SDM and, 609 static NAT, 788–789, 796–797, 806–807 NAT-PT (Network Address Translation-Protocol Translation), 822 NBMA (non-broadcast multiaccess) inside the exam, 944 overview of, 930 self test, 949, 951 split horizons, 931–934 subinterfaces, 934–937 summary, 944–945 topology types, 931 two-minute drill, 947 NCP, PPP components, 862–863 neighbors, CDP device neighbor information, 575–576 show cdp neighbors command, 575–576 neighbors, EIGRP authentication, 721–722 relationships, 713–714 neighbors, OSPF routing finding, 675–676 show ip ospf neighbor command, 692 NetSim simulator, 560–561, 637–639 netstat command, 288 network access control (NAC), 609 network access layer, TCP/IP, 160–161 network address port translation (NAPT), 790 See also PAT (Port 
Address Translation) Network Address Translation See NAT (Network Address Translation) Network Address TranslationProtocol Translation (NAT-PT), 822 network addresses determining, 206–207, 217–218 network numbers and, 196 network-aware applications, 5, 31 network command classful routing and, 649 dynamic routing protocols and, 644–645 EIGRP configuration, 716–717 specifying interfaces for OSPF, 681 viewing networks specified with, 653 network components, TCP/IP IP addresses, 164, 196 layer 1, 282 layer 2, 282–283 layer 3, 283–284 network and host boundaries, 195 planning IP addresses, 204–205 two-minute drill, 294, 295–298 network connections, physical layer and, 51 Network File System (NFS), 33 Network Interface Cards See NICs (Network Interface Cards) network layer (layer 3), 41–46 addressing, 42–43 components, 283–284 overview of, 41–42 routers See routers routing tables, 43–44 tools for troubleshooting, 46 network numbers dotted decimal notation and, 194 route summarization and, 235 routers and, 478 VLANs and, 392 network security access attacks, 17 attack types, 14–15 defined, DoS attacks, 18 inside the exam, 19 overview of, 12–13 physical threats, 15–16 reconnaissance attacks, 16–17 self test, 24–26 threats and mitigation, 15 two-minute drill, 22 Network Terminator Type (NT1), 848 Network Time Protocol (NTP), 393, 722 network topologies defined, fully and partially meshed, 12 inside the exam, 19 overview of, 9–10 physical and logical, 10 self test, 23–25 two-minute drill, 21 networks characteristics considered in design and maintenance, 4–5 components, 5–7 inside the exam, 19 LANs See LANs (local area networks) locations, MANs (metropolitan area networks), 848 overview of, self test, 23, 25 two-minute drill, 21 VLANs See VLANs (virtual LANs) WANs See WANs (wide area networks) WLANs See WLANs (wireless LANs) NFS (Network File System), 33 NICs (Network Interface Cards) carrier sense and multiple access, 71 LAN adapters, 82 layer components, 282 MAC addresses 
for, 48 physical layer and, 51 no ip route command, 652 non-broadcast multi-access See NBMA (non-broadcast multiaccess) NT1 (Network Terminator Type 1), 848 NTP (Network Time Protocol), 393, 722 numbered ACLs creating, 745–746 extended See extended numbered ACLs standard See standard numbered ACLs types of ACLs, 741 NVRAM (nonvolatile RAM) restoring configuration files, 556–557 router configuration, 514 saving configuration files to, 554–555 viewing configuration files in, 339–340 O octets, in IP addressing, 43 OFDM (Orthogonal Frequency Division Multiplexing), 135 one-time passwords (OTPs), 17 one-to-the-nearest address (anycast), 825 open authentication, 802.11, 137 Open Shortest Path First See OSPF (Open Shortest Path First) Open System Interconnection See OSI (Open System Interconnection) optical amplifiers, fiber-optic cabling, 88 organizationally unique identifier (OUI), 48, 81 Orthogonal Frequency Division Multiplexing (OFDM), 135 OSI (Open System Interconnection), 28–68 communication and, 57–59 devices and corresponding layers, 52 encapsulation and de-encapsulation, 52–54 inside the exam, 60 introduction to, 28–29 layer 1 See physical layer (layer 1) layer 2 See data link layer (layer 2) layer 3 See network layer (layer 3) layer 4 See transport layer (layer 4) layer 5 See session layer (layer 5) layer 6 See presentation layer (layer 6) layer 7 See application layer (layer 7) layers, generally, 29–30 PDU terminology, 53 processing information down protocol stack, 55–56 processing information up protocol stack, 56–57 self test, 64–68 summary, 61 TCP/IP compared with, 161 troubleshooting commands, 572 two-minute drill, 62–63 OSPF (Open Shortest Path First), 669–708 AS (autonomous systems) and, 480–481 administrative distance and, 482 areas for hierarchical design, 671–673 authentication, 686–687 bandwidth assigned to router interfaces, 534 classless protocols, 635 configuring, 681–683 debug commands, 693–695 default routes, propagating, 684 designated and backup
designated routers, 676–678 exchange protocol for sharing routing information, 678–680 exercise configuring, 695–697 exercise troubleshooting, 697–699 inside the exam, 700 as link state protocol, 486 loopback interfaces, 683–684 metrics, 483–484, 673–674, 685–686 neighbors, 675–676 overview of, 670–671 route summarization support, 238–239 router identities, 674–675 self test, 704–707 show commands, 688–692 summary, 701 troubleshooting, 688 two-minute drill, 702–703 VLSM support and, 229 OTPs (one-time passwords), 17 OUI (organizationally unique identifier), 48, 81 out-of-band connections, IOS, 303 outbound ACLs, 741 outside parameter, ip nat command, 796–797 overhead, fiber-optic cabling, 88 P packet data encapsulation/ de-encapsulation process and, 55 PDU terminology for network layer, 53 routing, 43 WLANs and, 130–131 packet sniffing attacks, 16–17 packet-switched connections, WANs, 8, 853–855 PAgP (Port Aggregation Protocol), 463 pap chap command, 869 PAP (password authentication protocol), 866–867 PAR (port address redirection), 274, 792–793 partially meshed, network topologies, 12 passive attacks, 14 password attacks, 17 password authentication protocol (PAP), 866–867 password command, 332–334, 571 passwords, 332–335 encryption, 334–335 mitigation of access attacks, 17 overview of, 332 Privilege EXEC password protection, 334 User EXEC password protection, 332–334 PAT (Port Address Translation), 790–793 configuring, 799–800 example using, 791–792 overview of, 790 port numbers for differentiating connections, 790–791 redirection, 792–793 path costs, STP, 443 path overhead (POH), fiber-optic cabling, 88 path routing, administrative distance and, 481 PCS (Personal Communications Service), 131 PDUs (protocol data units), 53 PEAP (Protected EAP), 139 per-VLAN Spanning Tree Plus (PVST+), 441, 449–450, 459–461 permit/deny statements, ACLs ACL actions, 744 activating ACLs and, 750 creating ACLs and, 746 standard IP ACL example, 753 Personal Communications Service 
(PCS), 131 physical installation, threats to, 15–16 physical layer (layer 1) Ethernet and, 89–91 network components, 282 network topologies, 10 overview of, 51–52 physical segments, MAC addresses and, 48, 81 physical threats, IOS security and, 331–332 ping command examples using, 180–181 extended version, 579–581 ICMP and, 176, 179 options, 180 testing connectivity, 289, 577–579 troubleshooting RIP, 659–660 troubleshooting static routes, 640–642 pinout colors, UTP, 84–86 Plain Old Telephone Service (POTS), 852 POH (path overhead), fiber-optic cabling, 88 point-to-multipoint configuration, omni-directional antennas, 132 point-to-point configuration, directional antennas, 132 point-to-point connections, 110 Point-to-Point Protocol See PPP (Point-to-Point Protocol) point-to-point subinterfaces, 939–941 point-to-point topology, Point-to-Point Tunneling Protocol (PPTP), 876 POP3 (Post Office Protocol 3), 5, 31 port address redirection (PAR), 792–793 port address tables, MAC addresses, 103 Port Address Translation See PAT (Port Address Translation) Port Aggregation Protocol (PAgP), 463 port-based VLANs, 394 port-channel load-balance command, 464 PortFast, 448 ports See also lines configuring port security for switches, 375–377 port numbers, 761–762, 790–791 router and switch connections, 303 RSTP roles, 455 security, 375 states, 445–446, 453–454 STP port costs, 442–443 STP priority values, 442–443 TCP and UDP, 267 transport layer assigning, 36 verifying port security for switches, 377–379 Post Office Protocol (POP3), 5, 31 POSTs (power-on self tests) bootup process and, 514 IOS devices, 308 router configuration, 512–513 switch bootup and, 362 POTS (Plain Old Telephone Service), 852 powers of 2, route summarization, 244–245 ppp authentication pap command, 867 ppp pap sent-username command, 867 PPP (Point-to-Point Protocol) authentication, 866 CHAP authentication, 868–869 components, 861 configuring, 863 encapsulation methods, 856–857 exercise configuring, 872–873
exercise troubleshooting, 874–875 frame format, 861–862 inside the exam, 885 LCP and NCP, 862–863 overview of, 860 PAP authentication, 866–867 self test, 890–892 summary, 886–887 troubleshooting, 864–865 troubleshooting authentication, 869–871 two-minute drill, 888–889 PPTP (Point-to-Point Tunneling Protocol), 876 pre-shared keys (PSKs), 883 presentation layer (layer 6), 31–32 PRI (Primary Rate Interface), 852 Primary Rate Interface (PRI), 852 private addresses, 785–786 IPv4, 166–167 IPv6, 826–827 as solution to shortage of addresses, 820 Privilege EXEC mode accessing configuration mode from, 322 clear ip route command, 652 CLI access mode, 311 configuration files and, 554 extended ping and, 579–581 overview of, 310 password protection, 334 tracert command and, 582 Protected EAP (PEAP), 139 protocol data units (PDUs), 53 Proxy ARP, 175 pruning, VTP overview of, 408–409 trunking with pruning, 410–411 trunking without pruning, 409–410 PSKs (pre-shared keys), 883 public addresses, IP addresses, 166–167 PuTTY, as terminal emulation program, 364 PVC dynamic resolution of layer remote address to local DLCI numbers, 922–925 inverse ARP, 924 manual resolution of layer remote address to local DLCI numbers, 920–922 overview of, 920 status verification, 925–927 PVRST+, 458 PVST+ (per-VLAN Spanning Tree Plus), 441, 449–450, 459–461 Q QoS (Quality of Service) configuring for SDM, 610 network support and, VLANs and, 394 R radio frequency bands See RF (radio frequency) bands radio frequency interference See RFI (radio frequency interference) RADIUS (Remote Authentication Dial In User Service), 139–140 RAM (random access memory), 513 Rapid STP See RSTP (Rapid STP) rapid transition, in 802.1w, 456 RARP (Reverse ARP), 176 read-only memory (ROM), 512–513 ready/not ready signals, transport layer, 37–38 Ready-to-Send (RTS), CSMA/CA, 131 reconnaissance attacks, 16–17 redirection, PAT (Port Address Translation), 792–793
redundancy, layer 2, 434–474 EtherChannels and, 462 hierarchical campus design and, 434–436 inside the exam, 466 overview of, 434 summary, 467 two-minute drill, 468–469, 470–473 redundant power supply (RPS), 2960 switches, 358, 360 reflection, signal distortion and, 132 registered ports, 267 remarks, ACLs, 767 remote access overview, 568 SSH configuration, 570–571 SSH vs telnet, 569 VTY (virtual type terminal) and, 740 remote access VPNs Easy VPN, 878 overview of, 878–880 WebVPN, 879–880 Remote Authentication Dial In User Service (RADIUS), 139–140 Remote Monitoring (RMON), 393 Remote Procedure Calls (RPCs), 33 repeaters dealing with limitations in signal strength and noise, 100–101 physical layer, 52 reserved ports, 36 Reverse ARP (RARP), 176 RF (radio frequency) bands available for WLANs, 133–134 regulatory bodies, 133 signal distortion and, 132 RFI (radio frequency interference) comparing copper and fiber cabling, 101 fiber-optic cabling and, 86 WLANs and, 132 ring topology, 10 RIP (Routing Information Protocol), 43 AS (autonomous systems) and, 480–481 administrative distance and, 482 classful protocols, 635 configuring, 649–650 as distance vector protocol, 484 exercise configuring, 651, 656–658 exercise troubleshooting, 659–661 inside the exam, 662 overview of, 647–648 RIPv1, 647–648 RIPv2, 489, 635 route summarization support, 238–239 routing metrics, 483–484 self test, 665–667 summary, 663 two-minute drill, 664 verifying and troubleshooting, 652–656 versions of, 646 VLSM support and, 228–229 RIPng, 831, 835–836 RJ-11 connectors, 84 RJ-45 connectors, 84, 304, 359 RMON (Remote Monitoring), 393 roaming, accessing WLANs and, 137 rollover cables, IOS devices, 304, 359 ROM (read-only memory), 512–513 ROMMON (ROM Monitor), 310, 513, 524–526 root bridge, STP, 440–442 root ports, STP choosing, 451–452 designated ports and, 444–445 port and path costs and, 442–443 selecting, 443–444 root switches designated ports and, 444–445 electing, 451 in STP, 440–442 route 
poisoning, 499–502 route summarization advantages of, 236–237 CIDR and, 237–238 difficulties, 245–247 EIGRP and, 712, 720–721 examples using, 246 hierarchical addressing and, 238–239 hybrid routing protocols supporting, 489 inside the exam, 250 overview of, 235–236 performing, 243–244, 247–248 powers of 2 and, 244–245 routing and subnet masks, 239–242 routing table, 242–243 self test, 254–257 summary, 250–251 two-minute drill, 252 verifying, 248–249 routed protocols EIGRP support for, 712 routing protocols compared with, 480 routing table for, 653 router command, 643 router identities (ID), OSPF, 674–675 router-on-a-stick example configuration, 542–543 inside the exam, 544 interface encapsulation, 541–542 overview of, 540 self test, 549, 551 subinterface configuration, 540–541 summary, 545 two-minute drill, 547 routers, 477–510 AS (autonomous systems) and, 480–481 address translation and, 786 administrative distance, 481–482 advantages of, 44–46 bridges and switches compared with, 44–46 CLI (command-line interface), 31 collision problems and, 106 connection configuration, 303 convergence problems, 490–495 convergence solutions, 490–495 distance vector protocols, 484–485 dynamic routing protocols, 482–483 encapsulation/de-encapsulation process and, 58–59 exercise using CLI, 346–348 functions of, 478 hybrid protocols, 489 inside the exam, 499–502 interface nomenclature for, 306 as layer component, 283 link state protocols, 486–488 moving information between network devices, 41 restricting VTY access to, 755 routing loop problems, 496–498 routing loop solutions, 498–502 routing metrics, 483–484 routing tables, 43–44 SDM configuration, 603–605 SDM monitoring, 620–621 SDM requirements and, 602–603 self test, 506–509 serial interfaces on, 329–330 summary, 502–503 two-minute drill, 504–505 types of routes, 479–480 routers, configuring AutoSecure feature, 526–531 bandwidth parameter, 534 bootup process, 515–518 configuration files See configuration files, routers
configuration register, 522–526 DNS resolution, 537–538 hardware components, 512 inside the exam, 543–544 IOS commands for, 531, 538–539 IP addressing information, 532–534 memory types, 512–514 router-on-a-stick See router-on-a-stick self test, 548–550 show commands, 535–536, 538 static host configuration, 536–537 subnet zero configuration, 536 summary, 544–545 System Configuration Dialog, 519–522 two-minute drill, 546–547 routes selecting in EIGRP routing, 714–716 types of, 479–480 routing, 631–668 configuring for SDM, 609 dynamic See dynamic routing protocols inside the exam, 662 IPv6 and, 830 metrics, 483–484 overview of, 632 by propaganda, 487 See also link state protocols route summarization and, 239–242 by rumor, 484 See also distance vector protocols self test, 665–667 static See static routes summary, 663 two-minute drill, 664 routing loops, 498–502 counting to infinity solution, 498 example in distance vector protocols, 496–498 route poisoning and hold down timer solutions, 499–502 split horizon solution, 498–509 routing protocols EIGRP See EIGRP (Enhanced Interior Gateway Routing Protocol) IPv6 supported, 831 OSPF See OSPF (Open Shortest Path First) overview of, 480 RIP See RIP (Routing Information Protocol) route summarization and, 238–239 routing table for, 653 VLSM support and, 228–229 routing tables, 43–44, 242–243, 711–712 RPCs (Remote Procedure Calls), 33 RPS (redundant power supply), 2960 switches, 358, 360 RSA keys IPSec encryption methods, 882 IPSec peer validation, 883 SSH configuration and, 571 RSTP (Rapid STP) BPDUs and, 455–456 configuring, 457–458 convergence and, 456–467 inside the exam, 466 overview of, 454–455 port roles, 455 PVST+ for optimization of, 459–461 summary, 467 two-minute drill, 468–473 RTS (Ready-to-Send), CSMA/CA, 131 running-config file, 338–340, 558 runt frames, 109 RXBOOT mode, 513 passwords, 332–335 physical and environmental threats, 331–332 policies, 13 show and debug commands, 337 VPNs and, 877 Security Audit
wizard, 609, 611–612 Security Device Manager See SDM (Security Device Manager) security, WLANs SAP (Service Access Point) client access security, identifiers, 73, 76 136–137 scalability EAP, 139–140 IOS advantages, 303 overview of, 136–137 VLANs and, 392–393 SSID and MAC address VPNs and, 877 filtering, 138 scattering, signal distortion WEP, 138–139 and, 132 WPA, 140–141 SDH (Synchronous Digital segmentation, transport layer, Hierarchy), 88 36, 262 SDM (Security Device Manager), segments 600–628 encapsulation/ accessing, 605 de-encapsulation process configuration screens, and, 55 609–610 end-to-end delivery, 285 configuring access PDU terminology for points, 145 transport layer, 53 DHCP servers, configuring, TCP segment 615–619 components, 264 DHCP servers, verifying, transport layer and, 262 619–620 UDP segment files, 602 components, 265 as GUI for Cisco routers, 31 windowing and, 38 home page, 607–608 serial connections inside the exam, 622 for circuit-switched interfaces, 613–614 networks, 852 overview of, 600–601 VC supported, 902–903 PC requirements, 601 serial interfaces router configuration for, PPP working with ISDN 603–605 serial interfaces, 860 router monitoring, 620–621 for routers, 329–330, 856 router requirements, server mode, VTP, 405–406 602–603 service dhcp command, 618 self test, 625–628 service password-encryption Startup wizard, 605–607 command, 334, 687 summary, 623 Service Set Identifier (SSID), two-minute drill, 624 136, 138 wizards, 611–612 session layer (layer 5), 32–33 secret parameter, IOS sessions passwords, 334 multiplexing and, 262 section overhead (SOH), fiberTCP and UDP, 270 optic cabling, 88 Secure Hashing Algorithm version Setup mode, IOS devices See System Configuration Dialog (SHA-1), 882 SHA-1 (Secure Hashing secure room, protecting physical Algorithm version 1), 882 installations, 15 shared key authentication, 802.11, Secure Shell See SSH (Secure 137 Shell) Shortest Path First (SPF), 486–488 Secure Sockets Layer (SSL), show 
access-lists command, 769, 604, 876 770 security, 327–330 See also network show arp command, 572 security show cdp command, 423, 574 IOS advantages, 303 show cdp neighbors command, 574 login banners, 335 S show commands access list verification, 768 debug commands compared with, 587 router interface configuration and, 532 troubleshooting IOS devices and, 337 show flash command, 563–564 show history command, 317 show hosts command, 538 show interface switchport command, 421, 423 show interfaces command, 533 connectivity testing, 577 HDLC configuration and, 859 overview of, 342–345 troubleshooting authentication, 869–871 troubleshooting PPP, 864 viewing switch statistics, 422 show ip arp command, 572–573 show ip dhcp conflict command, 619 show ip eigrp interfaces command, 728–729 show ip eigrp neighbors command, 725–726 show ip eigrp topology command, 727–728 show ip eigrp traffic command, 729 show ip interfaces command, 533, 535–536, 768 show ip nat translations command, 800–801 show ip ospf command, 690–691 show ip ospf interface command, 691 show ip ospf neighbor command, 692 show ip protocols command, 652, 688–689, 723–724 show ip route command, 424, 636, 653–654, 689–690, 724–725 show ipv6 interface command, 834 show ipv6 route rip command, 836 show mac-address-table command, 372–373 show port-security address command, 378 show port-security command, 378 show port-security interface command, 377–378 show running-config command, 310, 338–340, 768 show users command, 587 show version command, 341, 522 show version command, 563 shutdown command, 328, 343 Simple Mail Transfer Protocol (SMTP), 5, 31 Simple Network Management Protocol (SNMP), 393 singlemode fiber (SMF), fiber-optic cabling, 86–87 site-local private addresses, 826 site-to-site VPNs, 877–878 small office/home office See SOHO (small office/home office) SMDS (Switched Multi-megabit Data Services), 850, 854 SMF (singlemode fiber), fiber-optic cabling,
86–87 SMTP (Simple Mail Transfer Protocol), 5, 31 SNAP (Subnetwork Access Protocol), 76–77, 573 SNMP (Simple Network Management Protocol), 393 SNORT, anti-spyware software, 17, 19 social engineering attacks, 16–17 sockets, transport layer assigning, 36 SOH (section overhead), fiberoptic cabling, 88 SOHO (small office/home office) LANs and, 70 SDM developed for, 600 SONET (Synchronous Optical Network), 88 SPAN (Switch Port Analyzer), 465 Spanning Tree Protocol See STP (Spanning Tree Protocol) spanning-tree vlan VLAN_# priority command, 465 SPF (Shortest Path First), 486–488 split horizon NBMA issues, 931–933 NBMA solutions, 933–934 routing loops solutions, 498–509 subinterfaces as solution to, 934–935 spread spectrum, for higher data rates, 130–131 SSH (Secure Shell) application layer programs, 31 configuring, 570–571 mitigation of access attacks, 17 for remote access, 569 SDM and, 604 SSID (Service Set Identifier), 136, 138 SSL (Secure Sockets Layer), 604, 876 standard numbered ACLs comparing with extended, 742 configuring, 756–759 example of standard IP ACL, 752–756 overview of, 751–752 placement of, 772–773 types of ACLs, 741 star topology, startup IOS devices, 307–308 switch configuration, 360 startup-config file, IOS, 338–340 Startup wizard, SDM, 605–607 state, in OSPF routing, 679 stateless autoconfiguration, DHCPv6, 830 statement ordering, for ACLs, 743 static addresses, IPv6 for assigning, 829 static host configuration, routers, 536–537 static MAC addresses, switches, 373 static NAT configuring, 796–797 exercise configuring, 806–807 overview of, 788–789 static routes, 479 classless vs classful routing, 635–636 configuring, 633–634 default route configuration, 634 dynamic routing protocols compared with, 632 exercise configuring, 637–639 exercise troubleshooting, 639–642 inside the exam, 662 overview of, 632 self test, 665, 667 summary, 663 two-minute drill, 664 verifying and troubleshooting, 636–637 static VLANs, 394–395 statistics, SDM monitoring, 620 
status and global configuration information, routers, 521 store-and-forward switching, 107–108 STP (Spanning Tree Protocol), 283 BPDUs and, 439 convergence and, 447–448 designated ports, 444–445 designated switches, 451–453 examining STP information on switches, 461 example using, 450–454 inside the exam, 466 loop removal, 111 managing network traffic, 393 overview of, 438 port states, 445–446 root bridge or root switch, 440–442, 451 root port, 442–444, 451 self test, 470–473 summary, 467 troubleshooting, 465–466 two-minute drill, 468–469 VLANs and, 449–450 straight-through, UTP cable, 84–85 string notation, 823 Subconfiguration modes ACLs activated in Interface Subconfiguration mode, 741 bandwidth command, 534 Interface Subconfiguration, 327, 394, 795 interfaces for routing process, 644–645 overview of, 323–324 routing protocols, 643–644 subinterfaces creating, 936–937 example using multipoint subinterfaces, 938–939 example using point-to-point subinterfaces, 939–941 exercise configuring Frame Relay with, 941–943 Frame Relay configured with, 937 router-on-a-stick, 540–541 for split horizon and routing problems, 934–935 types of, 936 subnet zero configuration, 536 subnets/subnet masks address classes and, 200–202 classful vs classless routing and, 635 determining, 206 discontiguous subnets, 241 IP addresses and, 43, 197–198 overview of, 198–199 route summarization and, 239–242 values, 199–200 VLANs and, 391–392 VLSM See VLSM (Variable Length Subnet Masks) wildcard masks and, 681–682 Subnetwork Access Protocol (SNAP), 76–77, 573 subset advertisement request message, VTP, 406 successor routes, EIGRP, 715–716 summarization See route summarization summary advertisement request message, VTP, 407 supernetting, 237 surge protectors, 16 switch configuration, 357–386 boot process, 362–364 CAM tables and, 374–375 enabling, 368–369 exercise, 370–371 inside the exam, 379 IP address and default gateway and, 367–368 MAC address table and, 372 port security, 375–379 self
test, 383–386 startup, 360 static MAC addresses, 373 summary, 380 System Configuration Dialog, 364–367 two-minute drill, 381–382 switch IDs, 439 Switch Port Analyzer (SPAN), 465 Switched Multi-megabit Data Services (SMDS), 850, 854 switches bridges compared with, 100, 105–107 CLI (command-line interface) for, 31 collision and bandwidth solutions, 102 collisions, collision domains, congestion and, 101–102 connection configuration, 303 cut-through switching, 107–108 distance and extension of LANs and, 100–101 duplexing and, 109–111 examining STP information on, 461 example of switch forwarding, 116–121 forwarding function, 114–116 fragment-free switching, 108–109 functions of, 105, 111–112 hierarchical addressing and, 45 inside the exam, 122 as layer component, 283 as layer component, 435 learning function, 112–113 loop removal, 121–122, 439 nomenclature for IOS switches, 305 path decisions based on layer destination, 58 self test, 125–128 store-and-forward switching, 107–108 summary, 123 two-minute drill, 124 viewing switch statistics, 422 VLANs and, 388–390, 392, 394 switchport commands, 375–377, 421–422 switchport mode access command, filtering with extended 421–422 numbered ACLs, symbolic translation, 316 761–763 symmetric keys, IPSec, 882 flow control and SYN windowing, 273–274 in end-to-end delivery, overview of, 262–264, 284 290–291 port numbers for TCP and, 272–273 differentiating PAT three-way handshake and, connections, 790 271–272 ports, 267 SYN flooding attacks, 18 sending TCP SYN/ACK in Synchronous Digital Hierarchy end-to-end delivery, 292 (SDH), 88 sending TCP SYN in endSynchronous Optical Network to-end delivery, 290–291 (SONET), 88 sessions, 270 synchronous serial connections, for SYN/ACK segments, circuit-switched networks, 852 272–273 syntax checking, 316 SYN flooding attacks, 18 System Configuration Dialog, three-way handshake, 35, 519–522 270–272 device setup, 308 Technical Assistance Center exiting setup mode, 522 (TAC), SDM security, 611 
protocol and interface telnet command configuration, 521 connectivity testing router configuration, 519 at application layer, running, 519–521 584–585 status and global opening telnet session in configuration end-to-end delivery, 287 information, 521 remote access with, 569 switch configuration, sending TCP SYN, 290–291 364–367 suspending telnet sessions, System LEDs, on 2960 switches, 586 360 Temporal Key Integrity Protocol (TKIP), 139 terminal emulation programs, 304, 362 text, representation options at presentation layer, 32 T-taps, 90 thicknet, Ethernet cable, 83 TAC (Technical Assistance thinnet, Ethernet cable, 83 Center), SDM security, 611 tags, Web browsers at presentation threats access attacks, 17 level, 32 DoS attacks, 18 TCP/IP (Transmission Control mitigation See mitigation Protocol/Internet Protocol), to physical installation, 160–191 15–16 applications, 266 reconnaissance attacks, communications See end16–17 to-end delivery three-way handshake, TCP, 35, EIGRP as routing protocol 270–272 for, 710 Internet layer See Internet TKIP (Temporal Key Integrity Protocol), 139 layer, TCP/IP Token Cards, 17 IP addresses See IP Token Ring addresses physical and logical IPv6, 784 topologies and, 11–12 OSI model and, 28 translational bridging and, overview of, 160 45–46 protocol stack (layers), top-down processing, for ACLs, 160–161 742–743 well-known ports, 36 topologies See network topologies TCP (Transmission Control topology tables Protocol) EIGRP, 715 application mapping, link state protocols, 487 268–269 traceroute See tracert command T 981 tracert command, 181–182 connectivity testing, 289, 582–584 example using, 182 extended version, 583–584 ICMP and, 176 options, 181–182 output, 583 traffic-share command, 718–719 traffic types, VLANs, 393–394 translational bridging, 45–46 transparent bridges, 111–112 transparent mode, VTP, 405–406 transport input ssh command, 571 transport layer (layer 4), 33–41 connection multiplexing, 36 flow control, 37, 260–261 
  functions of, 34, 260
  inside the exam, 275
  multiplexing, 262
  overview of, 33
  ready/not ready signals, 37–38
  reliability, 261
  reliable connections, 34–35
  segmentation, 36, 262
  self test, 278–280
  summary, 275
  TCP See TCP (Transmission Control Protocol)
  two-minute drill, 276–277
  UDP See UDP (User Datagram Protocol)
  unreliable connections, 35–36
  windowing, 38–41
transport layer, TCP/IP, 160–161
triggered updates
  in RIPv2, 648
  as solution for convergence problems, 496
Triple DES, IPSec, 881
Trojan horse attacks, 17
troubleshooting
  address translation, 805
  data link layer (layer 2), 51
  DHCP servers, 620
  EIGRP routing, 723
  interfaces, 343–345
  LMI, 917–920
  network layer (layer 3), 46
  OSPF routing, 688, 697–699
  PPP, 864–865, 869–871, 874–875
  RIP, 652–656, 659–661
  static routes, 636–637, 639–642
  STP, 465–466
  WLANs, 146–147
troubleshooting IOS devices
  CDP, 573–576
  debug commands See debug commands
  exercise using router troubleshooting tools, 589–590
  local ARP table, 572–573
  overview of, 571–572
  ping for connectivity testing, 577–581
  Privilege EXEC mode, 311
  show commands See show commands
  telnet for connectivity testing at application layer, 584–587
  traceroute for connectivity testing, 582–584
trunks, VLAN See also VTP (VLAN Trunk Protocol)
  configuring, 415–419
  connections for, 396–397
  defined, 392
  example of trunking, 399–401
  tagging, 397
  trunk-capable devices, 397–398
  trunking with pruning, 410–411
  trunking without pruning, 409–410
tunneling, integrating IPv4 and IPv6, 833–834
two-way state, OSPF, 676

U
UDP (User Datagram Protocol)
  application mapping, 268–269
  filtering with extended numbered ACLs, 761–763
  overview of, 264–265, 284
  port numbers for differentiating PAT connections, 790
  ports, 267
  sessions, 270
unicasts
  IPv6 addresses, 826
  MAC addresses, 49–50, 114–115
uninterruptible power supply (UPS), 15–16
UNNI (Unlicensed National Information Infrastructure), 134
unshielded twisted pair See UTP (unshielded twisted pair)
updates, routing
  advertising, 484, 486
  EIGRP support for multicast and incremental updates, 711–712
  processing, 485
  triggered updates as solution for convergence problems, 496
  triggered updates in RIPv2, 648
UPS (uninterruptible power supply), 15–16
User Datagram Protocol See UDP (User Datagram Protocol)
User EXEC mode
  CLI access mode, 310–311
  overview of, 310
  password protection, 332–334
  tracert command and, 582
username command, 334
utilities, TCP/IP
  arp command, 182–183
  ipconfig command, 177–179
  ping command, 179–181
  tracert command, 181–182
  for Windows PCs, 177
UTP (unshielded twisted pair)
  cabling devices with, 84–86
  categories, 83
  connectors, 84
  distance limitations, 100–101
  fiber and coaxial compared with, 89
  IOS devices and, 304
  pinout colors, 84–86

V
vampire taps, 90
Variable Length Subnet Masks See VLSM (Variable Length Subnet Masks)
variance command, 718–719
VCs (virtual circuits)
  advantages of, 898–900
  data rates, 911–913
  full-meshed design, 896–898
  inside the exam, 943
  overview of, 896
  in packet-switched networks, 853
  self test, 948, 950
  serial connections supported by, 902–903
  summary, 944–945
  two-minute drill, 946
  types of, 900–902
version information, IOS devices, 341–342
virtual circuits See VCs (virtual circuits)
virtual LANs See VLANs (virtual LANs)
Virtual Private Networks See VPNs (Virtual Private Networks)
virtual type terminal (VTY), 308, 740, 755
vlan command, 421–422
VLAN membership policy server (VMPS), 394
VLAN Trunk Protocol See VTP (VLAN Trunk Protocol)
VLANs (virtual LANs), 388–432
  802.1Q and, 401–403
  access-link connections, 396
  broadcast domains and, 48, 81
  configuring on switches, 424–425
  connections, 395
  creating, 419–421
  defined, 390
  example of trunking, 399–401
  identifiers, 396
  inside the exam, 426
  inter-VLAN connection problems, 424
  local connection problems, 423–424
  membership in, 394–395
  overview of, 388–390
  performance problems, 422
  router-on-a-stick and, 540
  scalability of, 392–393
  self test, 429–432
  STP and, 449–450
  subnets and, 391–392
  summary, 427
  traffic types and, 393–394
  trunk-capable devices, 397–398
  trunk configuration, 415–419
  trunk connections, 396–397
  trunk protocol See VTP (VLAN Trunk Protocol)
  trunk tagging, 397
  two-minute drill, 428–429
VLSM (Variable Length Subnet Masks), 228–235 See also route summarization
  addressing with, 230–231
  CIDR and, 237–238
  examples using, 232–235
  features, 228–230
  hybrid routing protocols supporting, 489
  inside the exam, 250–251
  link state protocols and, 488
  overview of, 228
  RIPv2 and, 648
  self test, 253–257
  two-minute drill, 252
VMPS (VLAN membership policy server), 394
voice VLANs, 394–395
VoIP (voice over IP), 19, 393–394
VPNs (Virtual Private Networks)
  benefits of, 877
  Cisco products supporting, 878
  configuring for SDM, 609
  inside the exam, 885
  IPSec and, 880–884
  overview of, 876–877
  self test, 891, 893
  summary, 886–887
  two-minute drill, 889
  types of, 877–880
  VPN gateways, 877
vtp domain command, 413
vtp password command, 423–424
vtp pruning command, 413
VTP (VLAN Trunk Protocol)
  configuring, 412–414
  configuring trunks, 415–419
  inside the exam, 426
  inter-VLAN connection problems, 424
  local connection problems, 423–424
  messages, 406–408
  modes, 405–406
  overview of, 403–404
  performance problems, 422
  pruning, 408–409
  self test, 429–432
  summary, 427
  trunking with pruning, 410–411
  trunking without pruning, 409–410
  two-minute drill, 428–429
VTY (virtual type terminal), 308, 740, 755

W
WANs (wide area networks), 848–894 See also VPNs (Virtual Private Networks)
  cabling and connectors, 856–857
  circuit-switched connections, 852–853
  connection types, 850
  encapsulation methods, 856
  equipment and components, 848–849
  frame types, 858
  HDLC protocol See HDLC (High-Level Data Link Control)
  inside the exam, 885
  leased-line connections, 850–852
  overview of, 7–9, 848
  packet-switched connections, 853–855
  PPP See PPP (Point-to-Point Protocol)
  self test, 890, 892
  serial interfaces for Cisco routers, 856
  summary, 886–887
  terminology, 849
  two-minute drill, 888–889
War driving, 136
wave division multiplexing (WDM), 87
WDM (wave division multiplexing), 87
Web browsers
  application layer programs, 31
  SDM supported, 601
  tags at presentation level, 32
WebVPN, 879–880
well-known ports, 36, 267
WEP (Wired Equivalency Privacy), 137–139
Wi-Fi Alliance, 133
Wi-Fi Protected Access See WPA (Wi-Fi Protected Access)
wide area networks See WANs (wide area networks)
wildcard masks, 681–682
  example using, 748–750
  for matching address ranges, 746–748
  special masks, 748
windowing, transport layer, 38–41, 273–274
winipcfg command, 178
wire number, 196 See also network addresses
Wired Equivalency Privacy (WEP), 137–139
wireless connections, WANs, 850
wireless LANs See WLANs (wireless LANs)
Wireless Zero Configuration (WZC), 146
wizards, SDM, 605–607, 611–612
WLANs (wireless LANs), 130–156
  802.11 standards, 134–135
  access modes, 142–143
  access points, 145–146
  client access security, 136–137
  clients, 146
  coverage area, 143–144
  CSMA/CA and, 131–132
  data rates, 144
  EAP authentication, 139–140
  inside the exam, 148
  narrowband, broadband, and packet data solutions, 130–131
  RF bands available for, 133–134
  RFI and, 132
  security, 136–137
  self test, 152–156
  SSID and MAC address filtering, 138
  standards, 133
  summary, 148–149
  technology options, 130
  troubleshooting, 146–147
  two-minute drill, 150–151
  WEP, 138–139
  WPA, 140–141
WPA (Wi-Fi Protected Access)
  comparing WLAN security solutions, 137
  overview of, 140–141
  security implementation and, 146
WPA2, 137, 140–141
WZC (Wireless Zero Configuration), 146

X
X.25, 850, 854

Y
Yagi, directional antenna, 132

... experience You can achieve CCNA certification in two ways:
■ Pass the CCNA (640-802) exam
■ Pass both the ICNDv1 (640-822) and ICNDv2 (640-816) exams
The CCNA 640-802 exam includes the same topics...
... your CCNA certification In This Book This book covers all the exam objectives posted on Cisco's web site concerning the CCNA 640-802 exam as well as the ICNDv1 640-822 and ICNDv2 640-816 exams